Schneider Electric Triconex TriStation and Tricon Communication Module (ICSA-20-205-01)

CISA has published an advisory on cleartext transmission of sensitive information, uncontrolled resource consumption, hidden functionality, and improper access control vulnerabilities in Schneider Electric Triconex TriStation and Tricon Communication Module. Numerous versions of TriStation and Tricon Communication Module are affected. Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access. Schneider Electric has released updated versions of both products to address the vulnerabilities. It also recommends a series of industry cybersecurity best practices. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.